Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
Max CVSS
1.7
EPSS Score
0.17%
Published
2016-01-21
Updated
2019-12-27
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
Max CVSS
1.7
EPSS Score
0.18%
Published
2015-10-21
Updated
2022-09-15
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.
Max CVSS
1.7
EPSS Score
0.58%
Published
2015-07-16
Updated
2018-01-05
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-05-27
Updated
2018-01-05
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
Max CVSS
1.9
EPSS Score
0.08%
Published
2015-01-21
Updated
2022-05-13
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-07-29
Updated
2017-01-07
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
Max CVSS
1.5
EPSS Score
0.04%
Published
2014-07-29
Updated
2017-01-07
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-07-03
Updated
2020-08-14
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
Max CVSS
1.2
EPSS Score
0.06%
Published
2014-07-23
Updated
2023-02-13
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
Max CVSS
1.2
EPSS Score
0.04%
Published
2014-01-26
Updated
2014-03-06
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-08-19
Updated
2018-10-30
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-08-19
Updated
2014-01-14
X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-10-28
Updated
2013-10-29
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-04-17
Updated
2014-05-05
dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-03-06
Updated
2014-03-07
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-11-29
Updated
2020-08-14
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-09-29
Updated
2023-02-13
spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue.
Max CVSS
1.2
EPSS Score
0.04%
Published
2006-06-30
Updated
2008-09-05
18 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!